summaryrefslogtreecommitdiffstats
path: root/core/jni/android/graphics/Region.cpp
diff options
context:
space:
mode:
authorDerek Sollenberger <djsollen@google.com>2015-05-18 17:37:06 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-05-18 17:37:08 +0000
commitbeda8613ad7bc01affa17857faed04d9589db34c (patch)
tree11eb9cb3dd63bd9b32dcf17ed92d7ba58c0a6cb5 /core/jni/android/graphics/Region.cpp
parentc8304e86c86b1925d6f3e58a930d6a2ada6bb3a2 (diff)
parent3082fe440f90b7a3e6e031b6641f4a71b907dd4f (diff)
downloadframeworks_base-beda8613ad7bc01affa17857faed04d9589db34c.zip
frameworks_base-beda8613ad7bc01affa17857faed04d9589db34c.tar.gz
frameworks_base-beda8613ad7bc01affa17857faed04d9589db34c.tar.bz2
Merge "Ensure that unparcelling Region only reads the expected number of bytes" into mnc-dev
Diffstat (limited to 'core/jni/android/graphics/Region.cpp')
-rw-r--r--core/jni/android/graphics/Region.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 90a020e..cf02e39 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -206,15 +206,20 @@ static jstring Region_toString(JNIEnv* env, jobject clazz, jlong regionHandle) {
static jlong Region_createFromParcel(JNIEnv* env, jobject clazz, jobject parcel)
{
- if (parcel == NULL) {
- return NULL;
+ if (parcel == nullptr) {
+ return 0;
}
android::Parcel* p = android::parcelForJavaObject(env, parcel);
SkRegion* region = new SkRegion;
size_t size = p->readInt32();
- region->readFromMemory(p->readInplace(size), size);
+ size_t actualSize = region->readFromMemory(p->readInplace(size), size);
+
+ if (size != actualSize) {
+ delete region;
+ return 0;
+ }
return reinterpret_cast<jlong>(region);
}
generated by cgit v1.1 at 2025-11-28 00:38:22 +0000